92d69b264f4f3d4c2f5ba4fd5c4700c2197b20d1ceea75c38a968be91ea6dc13

General

Target

DocuSignWITWB.dmg
Size

249KB
Sample

241120-wp32sszfqg
MD5

428ffe4753aa646259211668899cd6c3
SHA1

b2cc431816f54d3147f6b64fce2f7fc5f3d845fb
SHA256

92d69b264f4f3d4c2f5ba4fd5c4700c2197b20d1ceea75c38a968be91ea6dc13
SHA512

7a96e17d0d251a886c3eabcbe14ff50eb685b464918066814dedb9148d28cd828938e610710b7d78901229775e6af1ee87769998649fbd3da0f7327a5a019d92
SSDEEP

6144:XYo0JhH5/gTz5LVFEwtLMF/7WZar48ZZx1bFAumMT:XYzZ/QVFEEeWZm4UZxpFpT

Score

8^/10

Malware Config

Targets

- Target
  
  DocuSignWITWB.dmg
- Size
  
  249KB
- MD5
  
  428ffe4753aa646259211668899cd6c3
- SHA1
  
  b2cc431816f54d3147f6b64fce2f7fc5f3d845fb
- SHA256
  
  92d69b264f4f3d4c2f5ba4fd5c4700c2197b20d1ceea75c38a968be91ea6dc13
- SHA512
  
  7a96e17d0d251a886c3eabcbe14ff50eb685b464918066814dedb9148d28cd828938e610710b7d78901229775e6af1ee87769998649fbd3da0f7327a5a019d92
- SSDEEP
  
  6144:XYo0JhH5/gTz5LVFEwtLMF/7WZar48ZZx1bFAumMT:XYzZ/QVFEEeWZm4UZxpFpT
Score

8^/10

discovery evasion execution exfiltration
- Identifies hardware specifics through system_profiler
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
- Gatekeeper Bypass
  Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
  evasion
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1
- Target
  
  DocuSignWITWB/.DS_Store
- Size
  
  10KB
- MD5
  
  f854d3d7202a23ee18028720bfd7da24
- SHA1
  
  44fa593f8713b920aab3f078e1b82ceeb5007897
- SHA256
  
  a53477c141b8d0ca6ad4e2d924483c6da2d358e5aab7403861cfcdeebcd6eda8
- SHA512
  
  1d22737408140fc006b2e6512464a60fc83a591c576524cd9e46b53218033fe01cf4af0dd1d105f196ef9abc66fe2f4e894ebf02dec54d84f21eab9889c01fff
- SSDEEP
  
  96:C3VgcW3SF/q4t4hxpl1eCr52E7a76hxplc:C3Of3SZS1OgOOc
Score

1^/10
behavioral2
- Target
  
  DocuSignWITWB/.DocuSignWITWB
- Size
  
  230KB
- MD5
  
  0b7052743eaca64ebf29a49bcbbdf2c3
- SHA1
  
  a6d9dbd40dee54c34a0007814593bb4964c8fff0
- SHA256
  
  cdfc3e388b6fe9ff73d3b02a61a741e17dd4fd1177f0ed771a075b5084aca7b3
- SHA512
  
  ecfa3ee89b3aa46af35b45f35ea3b59d55325f25e9db059826afe98d232b58a42c1542cfcfc4c00ece8ec8a7daad1c53812657ad6287d4342fa1c5bebd049618
- SSDEEP
  
  1536:lHDLV8NOYUr08NO1Ut+Co9I6wWuSLfrWChovpxo7F/IEln2ENjyCMMl+OpwhX8Ns:ZD3WBPpwhx3WBp2
Score

8^/10

evasion exfiltration
- Identifies hardware specifics through system_profiler
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
behavioral3
- Target
  
  DocuSignWITWB/.VolumeIcon.icns
- Size
  
  91KB
- MD5
  
  52437fdadeec71318be0b76067674a6b
- SHA1
  
  adc67c2d8f9a455766376511eb1397969ad33850
- SHA256
  
  48cee76ceec4cdfe0f2cac440d3e0eac156bb1a5014a65b75928da9329e95015
- SHA512
  
  6ca58da862082c05162f9cf5e4a39188019cc0c457ba6e047e2c4a5cabfe5be0e8c3e6a1256cd50cfba64661ac31bf6600e2c6ab13532638a00ce34a50057e7b
- SSDEEP
  
  1536:c/CiYCiYCiu+C+C+fmfbvmfbvmfbDzXM31PuRwuvDzXM31PuRwuvDzXM31PuRwuI:c/tYtYtu+C+C+fKvKvKofuwfuwfuI
Score

1^/10
behavioral4
- Target
  
  DocuSignWITWB/.background/SySbK3.png
- Size
  
  14KB
- MD5
  
  8c7a8a8b2c4027c74e856efc03cd7529
- SHA1
  
  b4273e719612374d3a3fe872d1d8affd0aa011e5
- SHA256
  
  f84debba3b2e161f04c299f8bb00c278b900c60ac1535df73e2760b66de0b2ff
- SHA512
  
  bc1786db9aa98678f343bf7b99c408365efd2e7cad2e708317ea82489013e21defe1a4c0ac4dfac4b2ae101ccb5460ff660a73781042cc08b37c0414c592a4a2
- SSDEEP
  
  192:39kqSrMAdblPGGmdvQVff9Pc2IpGMoZ8mcOsnUCCEV0WKh4bwKNx6E:t6wAN889IpOcBFuccKTR
Score

1^/10
behavioral5
- Target
  
  DocuSignWITWB/DocuSignWITWB.file:rsrc
- Size
  
  159KB
- MD5
  
  d0f1e225b2dd1b53d4b902bbd6a4b495
- SHA1
  
  b758253da2a87e6b9a71b98b976c590a71dda431
- SHA256
  
  e474170a11c794d6299945972ab20970a6d5860b6ad2f6a2ebbec69613ee31f0
- SHA512
  
  04ac989eb8c2be93a774c623f3b89f015d0d7055e570edaaad77baa360ca1e4bb7e60598d3be2604304807a9d6ab416fab95bb54b139576aa8bb1f9ff4e5a1ca
- SSDEEP
  
  3072:lRavf2eYmrYv03PzdTxDHmxRavf2eYmrYv03PzdTxDHmu:/9eBscfxZO9eBscfxZ/
Score

1^/10
behavioral6
- Target
  
  DocuSignWITWB/Terminal
- Size
  
  864B
- MD5
  
  cd8faf1f135a3f8108f6d454afcbd23d
- SHA1
  
  dd6dd4623f68e9cfe1ec1bc6557bf3cf8af82819
- SHA256
  
  883e8357ce58047751efda8f7e5129c9e51f248d558f0d0c825853c3e740a1a8
- SHA512
  
  c9a876e258d434c248c7c49ff4190f0847092801e6534c43110de0c1368ffbe515b7f54da4a20d36e49ffefaaf2aaf1813fc4e3bb6b2f62094da3a15a5003622
Score

1^/10
behavioral7